Distance learning helped students and educators connect during the pandemic-induced lockdown, but returning to the physical school buildings with devices that have been home for more than a year could introduce significant cyber risk to the organization at a time when schools are an attractive target of cybercriminals.
When schools closed their buildings last and quickly transitioned to complete distance learning, many schools distributed laptops and other devices to students and faculty to keep learning continuous.
Depending on what kind of devices they were, the school policy governing their use and the school’s ability to manage and secure them, schools everywhere could be introducing thousands of unsecured and compromised devices.
“They’ve been left potentially … without attention for a period of X number months,” says John Shier, a senior security advisor at cybersecurity giant Sophos.
The cyber risk of reopening schools
According to Shier, there are myriad unknowns about the security of those devices, how they were used outside of the school, and who was responsible for keeping them secure.
Schools are beginning to welcome students and faculty back to the building full time as the pandemic begins to ease and vaccines are given, but those school-owned devices being reintroduced to the school’s network could be compromised.
Already, schools are increasingly targeted by malicious cyber actors, and U.S. agencies are warning K-12 institutions about an uptick in ransomware, data theft and other attack methods.
Shier says there was an uptick at the beginning of this school year as some school districts transitioned to a hybrid model of education and relied heavily on that technology to educate students. Ransomware, in particular, has been one of the main cyber threats facing schools.
Depending on how schools manage those devices, they have varying degrees of ability to prevent them from being compromised and keep them patched and up to date.
“So when all these devices are coming back in, there’s a degree of risk,” Shier says.
Luckily, most school districts standardize on Google accounts and Chromebooks for students, which are typically very secure.
“There’s not a lot you can do on a Chromebook beyond just use the browser,” he says.
On Windows or Mac computers, that risk becomes greater since they require more security software and patches.
Massive phishing campaigns or credential-stealing schemes could hit the users of these laptops, and cybercriminals could then use those credentials to gain access to the critical IT infrastructure of a school district.
“They are getting credentials somewhere and then using that to attack the infrastructure and getting a foothold that way, or planting backdoors and planting persistence points. Or they’re exploiting things like the VPN vulnerabilities, exposed RDP or remote access points, they’re brute forcing their way in or finding other ways to get into the network that way,” Shier says. “And then from there, they’re moving around.”
How to safely and securely bring devices back to the school
According to Shier, school IT and security professionals should take a very methodical approach to bringing those laptops and other devices back into the school buildings and school networks.
Set up a separate network
Especially for non-Chromebook devices, administrators should set up a separate network for those devices to give them a thorough scan and clean them of anything that shouldn’t be there.
To do that, make sure the devices don’t automatically connect to the existing Wi-Fi network. Or, administrators can segregate that part of the network to make sure laptops aren’t just jumping onto the production network.
Make sure the devices are up to date
Next, the devices should be checked to make sure they all have the necessary security updates and patches, if administrators weren’t able to apply them while the devices were at home.
Scan them deeply for malware and other compromise
Shier suggests a deep scan of the laptops to make sure they aren’t riddled with malware or otherwise compromised. This should also give administrators the ability to make sure that all necessary security software is still functional.
Transition them back to the network
Once the IT team is sure that the devices are free of compromise and up to date, they can start to bring them back onto the network.
“Once you get a clean bill of health, then you can transition those devices back to the network,” Shier says.